When pup 500 and 501 boot they make connections to 74.125.53.106 and to 174.143.209.250. The first connection disappears pretty quickly, but the second one hangs up and remains connected, even though LAST_ACK is sent.

This looks very suspicious to me, especially since my cisco firewall will not allow that second IP to be entered into the block IP window, it returns an error code.

This happens both with my SSD install and with the boot CD.

Why is the puppy connecting to this outside URL. How can I prevent this behavior? What script is making this connection?

I have tried putting the url in the host.deny file but it doesn't deny it.

It's very strange behavior and not something that is security friendly. For example Knoppix live CD does not make any connections when it boots up, and it also establishes the internet connection automatically.

Does anyone have any insight or info about this? You can see it by opening ipinfo and looking at the last tab.

The first one:
NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
OriginAS:
NetName: GOOGLE
----------------------
The second one is harmless and a part of the network utility ipinfo, it is to show you your externally visible ipaddress, which is usually the ip address of your cablebox or dsl modem if you have a router in between your box and the service provider's device.

So everytime you open ipinfo, the brief connection is made. I did block it once for a test, using the rc.firewall file; I don't know why your firefall won't accept it.

Thanks Karl! for manuela page - should be included in Puppy Documentation

@800

That google one is a mystery, unless firefox, chrome, chromium, or some other internet app is open - like an rss feed or mail app. Firefox and chrome/chromium will periodically connect with google for the "block reported attack sites" and "block reported web forgeries" features or "fraud protection" as its called. Also the rss feeds will automatically connect periodically. Is there any app that starts automatically at system startup? You can look in the folder /root/Startup - those files are all readable in geany with a right click.

It's possible too with some desktop eyecandy apps like conky and similar widgets.

I can't think of anything at the system level that would make connections automatically.

I did some more checking. My current pup, 431, doesn't check any sites that I can detect. Firefox 2.0.0.7 doesn't call out when it opens up.

But the current 51 with the current firefox does call out. I have it connecting to a different site from the ones above, on port 443, the https socket. I'll add the picture when I get that box rebooted.

So it's the new version of the browser plus the new autoconnecting puppy.

I'll 'browse' around about:config to see if there's something going on. I have adblock and noscript add-ons in both versions. They are both configured the same. I will disable them next go-around and see if that alters the behavior.

Is there a script or tail command that would keep netstat -t up and running? It would be great if there was a way to get the monitoring running before the ethernet connection happens. Is there a way to do that?

Anyway, it makes me extremely uncomfortable to have something on my box connecting somewhere without my prior knowledge and consent. I hope I can track it down.

Maybe some more PARANOIDS can check it out too and explain what is happening.

Firefox 3 has additional features to check for phishing and 'unwanted' sites, so I believe it does request the info from some outside sources (which probably do include Google).

If you want, you can turn this behavior off in Preferences. (I don't remember the exact settings and tabs, as I've uninstalled FF3.6.8 from my Puppy setup, for the moment, and I'm not sitting at any of my other systems with FF3.6.8 installed. )_________________[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

Oh, right, I forgot (but remembered on seeing the URL in your picture above). The NoScript extension just added a feature where it makes a call to the dev's servers about every fifteen minutes or so... (though one of the earliest versions to implement it made the call more often than that.) I forgot the reason why, but I believe the feature's called 'ABE' and is another anti-spoofing measure.

Try disabling NoScript (disabling the extension itself from the Add-Ons window), or the ABE settings in NoScript (NoScript > Options > Advanced tab > ABE tab), then restart Firefox and see if the problem persists.

Could it be a simple connection test? (I'm still on a custom version of Puppy 4.3.1, so I don't know what 5.0.1 does )

Some years ago, I learned from posts (somewhere... I don't remember where or what forum) that a quick and simple way to test the connection is to ping Google or Microsoft's sites (those, among a few others, simply because they're most likely to be up, running and present)._________________[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum